Other Cloud Platforms Should Follow Heroku's Example of Transparency
Join the DZone community and get the full member experience.Join For Free
I commend their transparency and commitment to open source given that most companies don't open source this information. It shows that they know enough about their security to be absolutely sure what's okay to open source. Their argument was also bolstered by this statement: 'Heroku would not exist without open source. Other security sensitive open source software we use include "Rails" and "The Linux Kernel".'
Check out the post about this news, because it's actually a large, informative post about how they use OAuth for SSO, which I'm sure will provide inspiration for some of you. There are plenty of whiteboard diagrams to illustrate as well.